Cris Moore, Professor, Santa Fe Institute
April 13, 2011
Caesar shifted each letter three places in the alphabet. Much of modern computer science was born in the effort to break the Nazi Enigma code, and Cold War spies used code books that fit inside a walnut. Nowadays, the cryptography we depend on every day — for instance, to send our credit card information when we buy something on the Web — relies in turn on the mathematics of prime numbers. But in 1994, Peter Shor discovered that a future quantum computer could crack our cryptosystems by breaking large numbers into their prime factors. Cris will start by describing how these cryptosystems work, and how a quantum computer could break them. (Nothing beyond high-school math, he promises!) He'll end by giving a personal view about whether quantum computers can be built — and what kinds of cryptography could remain secure even if and when they are built.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - Our modern privacy requires new methods of encrypting and protecting our data. In this video, you'll learn how the emerging technologies of elliptic curve and quantum cryptography are changing the face of encryption.

Christina Brzuska, Marc Fischlin, Heike Schröder, and Stefan Katzenbeisser
Darmstadt University of Technology and Center for Advanced Security Research Darmstadt, Germany
Abstract. Recently, there have been numerous works about hardware-assisted cryptographic protocols, either improving previous constructions in terms of efficiency, or in terms of security. In particular, many suggestions use Canetti's universal composition (UC) framework to model hardware tokens and to derive schemes with strong security guarantees in the UC framework. In this paper, we augment this approach by considering Physically Uncloneable Functions (PUFs) in the UC framework. Interestingly, when doing so, one encounters several peculiarities specific to PUFs, such as the intrinsic non-programmability of such functions. Using our UC notion of PUFs, we then devise efficient UC-secure protocols for basic tasks like oblivious transfer, commitments, and key exchange. It turns out that designing PUF-based protocols is fundamentally different than for other hardware tokens. For one part this is because of the non-programmability. But also, since the functional behavior is unpredictable even for the creator of the PUF, this causes an asymmetric situation in which only the party in possession of the PUF has full access to the secrets.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - The generation of digital certificates is a staple of any PKI. In this video, you'll learn how to build a set of public and private keys in GPG.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - Asymmetric encryption technology has redefined our use of encryption with today's technology. In this video, you'll learn how this pair of keys allows use to encrypt, authenticate, manage non-repudiation, and validate our data.

Speaker: Riscphree
This talk will discuss encryption from a programmer's perspective. Topics will include a beginners rundown of terms and small introduction to cryptography, legalities concerning the development of cryptographic material, basic concepts and examples, and finally, ethics. Examples will include source code, but will not apply to one specific language as to ensure more understanding with all developers.
Even if you are not a programmer, with the information presented in the beginning of the talk, you should find it enjoyable and understandable.
For more information visit: http://bit.ly/NOTACON_2006_information
To download the video visit: http://bit.ly/NOTACON_2006_videos

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - Cryptographic hashes provide us with features such as authentication, integrity, confidentiality, and non-repudiation. In this video, you'll learn about some of the most popular hashing ciphers.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - The two most common encryption methods are symmetric and asymmetric encryption. In this video, you'll learn the differences and when you might to see these two methods employed to protect your data.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - In some organizations, a third-party may have be part of a key escrow process. In this video, you'll learn about the need for key escrow and how to implement it into your PKI process.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - One of the most popular asymmetric encryption applications of all time is Pretty Good Privacy, and the OpenPGP compliant Gnu Privacy Guard is a commonly used implementation. In this video, you'll learn about both

📖📕 GET THE NEW TINKERNUT BOOK: http://bit.ly/Tinkernutbook 📕📖
This video lays out the steps for creating a very simple encryption and decryption program using free tools. The programming language we will be using is VB Script. See if you can decrypt this text:
wkjlue#vnrro#huxwxi#uxr\
You can find all the code for this program as well as an alternative for Apple computers at the project page:
http://www.tinkernut.com/archives/4193

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - Implementing a certificate authority can include both commercial and private certificate authorities. In this video, you'll learn the differences and similarities between a commercial and private CA.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - We rely on Certificate Authorities to provide a key component of our Public Key Infrastructures. In this video, you'll learn the role of the CA and policies that build additional trust in your certificates.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - Certain security environments may require the escrow of cryptographic keys. In this video, you'll learn about key escrow and how the key escrow process can be implemented.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - A certificate is only as good as the trust associated with it. In this video, you'll learn about key registration and the process that providers use to confirm the identify of certificate owners.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - The implementation of a key revocation process may vary depending on your PKI. In this video, you'll learn how to use CRLs and the process for revoking a key used in a web-of-trust environment.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - Authentication factors are many and varied, and the most common authentications usually involve a single factor. In this video, you'll learn about authentication factor types and how single factor provides advantages and disadvantages to the authentication process.

Another edition of "Lab Matters" with a special guest Uri Rivner, Head of New Technologies, Identity Protection and Verification, RSA Security, where he describes what happened when RSA was hacked with a zero-day vulnerability.

Project S.T.E.P. (Science and Technology Enhancement Program) is a National Science Foundation funded GK-12 grant at the University of Cincinnati. This video was created for a middle and/or high school audience to showcase STEM content by Mike Borowczak, a graduate student that works for the grant

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - There are many ways to manage rights and permissions on the network. In this video, you'll learn how to use user management, group management, and role-based management types to control privileges to resources.

Talk at Crypto 2011, August 15, 2011.
Boaz Barak, Yevgeniy Dodis, Hugo Krawczyk, Olivier Pereira, Krzysztof Pietrzak, François-Xavier Standaert, and Yu Yu
Microsoft Research New England; New York University; IBM Research; Université Catholique de Louvain; CWI Amsterdam; Université Catholique de Louvain;and East China Normal University
Abstract. The famous Leftover Hash Lemma (LHL) states that (almost) universal hash functions are good randomness extractors. Despite its numerous applications, LHL-based extractors suffer from the following two drawbacks:
Large Entropy Loss: to extract $v$ bits from distribution $X$ of min-entropy $m$ which are $\epsilon$-close to uniform, one must set $v \le m - 2*\log(1/\epsilon)$, meaning that the entropy loss $L = m-v \ge 2*\log(1/\epsilon)$.
Large Seed Length: the seed length $n$ of (almost) universal hash function required by the LHL must be at least $n \ge \min(u-v, v + 2*\log(1/\epsilon))-O(1)$, where $u$ is the length of the source.
Quite surprisingly, we show that both limitations of the LHL — large entropy loss and large seed — can often be overcome (or, at least, mitigated) in various quite general scenarios. First, we show that entropy loss could be reduced to $L = \log (1/\epsilon)$ for the setting of deriving secret keys for a wide range of cryptographic applications. Specifically, the security of these schemes with an LHL-derived key gracefully degrades from $\epsilon$ to at most $\epsilon+\sqrt{\epsilon 2^{-L}}$. (Notice that, unlike standard LHL, this bound is meaningful even when one extracts more bits than the min-entropy we have!) Based on these results we build a general computational extractor that enjoys low entropy loss and can be used to instantiate a generic key derivation function for any cryptographic application.
Second, we study the soundness of the natural expand-then-extract approach, where one uses a pseudorandom generator (PRG) to expand a short "input seed" $S$ into a longer "output seed" $S'$, and then use the resulting $S'$ as the seed required by the LHL (or, more generally, by any randomness extractor). We show that, in general, the expand-then extract approach is not sound if the Decisional Diffie-Hellman assumption is true. Despite that, we show that it is sound either: (1) when extracting a "small" (logarithmic in the security of the PRG) number of bits; or (2) in minicrypt. Implication (2) suggests that the expand-then-extract approach is likely secure when used with "practical" PRGs, despite lacking a reductionist proof of security!
See http://www.iacr.org/cryptodb/data/paper.php?pubkey=23565

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - The implementation of digital certificates can vary depending on the environment, but the overall process is relatively similar. In this video, you'll see how Microsoft Certificate Services can be used to manage a PKI implementation.

Yael Tauman Kalai, Bhavana Kanukurthi, and Amit Sahai
Microsoft Research; Boston University; and University of California (UCLA)
Abstract. A large and growing body of research has sought to secure cryptographic systems against physical attacks. Motivated by a large variety of real-world physical attacks on memory, an important line of work was initiated by Akavia, Goldwasser, and Vaikuntanathan [AGV09] where security is sought under the assumptions that: (1) all memory is leaky, and (2) leakage can be an arbitrarily chosen (efficient) function of the memory.
However, physical attacks on memory are not limited to leakage through side-channels, but can also include active tampering attacks through a variety of physical attacks, including heat and EM radiation. Nevertheless, protection against the analogous model for tampering — where (1) all memory is tamperable, and (2) where the tampering can be an arbitrarily chosen (efficient) function applied to the memory — has remained an elusive target, despite significant effort on tampering-related questions.
In this work, we tackle this question by considering a model where we assume that both of these pairs of statements are true — that all memory is both leaky and (arbitrarily) tamperable. Furthermore, we assume that this leakage and tampering can happen repeatedly and continually (extending the model of [DHLW, BKKV10] in the context of leakage). We construct a signature scheme and an encryption scheme that are provably secure against such attacks, assuming that memory can be updated in a randomized fashion between episodes of tampering and leakage. In both schemes we rely on the linear assumption over bilinear groups.
We also separately consider a model where only continual and repeated tampering (but only bounded leakage) is allowed, and we are able to obtain positive results assuming only that "self-destruct" is possible, without the need for memory updates.
Our results also improve previous results in the continual leakage regime without tampering [DHLW, BKKV10]. Whereas previous schemes secure against continual leakage (of arbitrary bounded functions of the secret key), could tolerate only 1/2-ε leakage-rate between key updates under the linear assumption over bilinear groups, our schemes can tolerate 1-ε leakage-rate between key updates, under the same assumption.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - The topic of cryptography is one of the most comprehensive in network security. In this video, you'll learn about the history of cryptography and some of the early methods of encrypting and decrypting messages.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - Symmetric encryption often uses block ciphers or stream ciphers to create ciphertext. In this video, you'll learn how block and stream ciphers work and what methods these ciphers employ to keep your information private.

See our entire index of CompTIA Security+ videos at http://www.FreeSecurityPlus.com - We are constantly faced with security concerns associated with the massive number of accounts that we have to manage professionally and personally. In this video, you'll learn about managing identities across multiple sites and how you can mitigate the issues that arise from an individual owning so many different accounts.